Comment on Plex got hacked.

<- View Parent
phoenixz@lemmy.ca ⁨15⁩ ⁨hours⁩ ago

Not entirely

Firstly you don’t “generate hashes until there is a match”. You can generate hashes until the end of the universe and you’ll still have only a fraction of all possible hashes.

What typically is used are large lookup tables with hashes from known passwords. You can then take that table, take a hash you got, and look it up.

So firstly, hashes should be salted, and if salted correctly, it’s already extremely much harder to use because these tables no longer work. There are few more things you can do but that pretty much is a hard wall already.

The problem is that many corporate systems out there have horrible security. They either use a hash that has been known to be broken since a long time ago (hello LinkedIn), don’t use salting (hello linkediiiiiinn), or don’t use hashing at all.

It’s because of idiots like these that there are so many accounts with password tables out there

What to do?

Use password managers. Now all your site’s have different, safe passwords and you only need to know one. Use 2FA where possible and supported

source
Sort:hotnewtop